AoC 1 - Paolo :

Hi Dinis, the Owasp autumn of Code idea is great and it would be
greate for me to partecipate.
This is my submission informations:

1) Contact details
...........

2) Which project you want to be involved in
I'd like to be involved in Code Review project

3) Why you should be sponsored for the project
I've got a very strong background in software development. I reached a
good C programming level (working at kernel level in Linux operating
system) and a good Java programming level in web application
development field.
My working field is however security as pen tester and code reviewer
and I want to merge these two main field of interest: security and
code.

I think I can improve Code Review project merging my theorical
experience (writing doc about code review, secure coding and providing
code snippets in various languages as a sort of Sample Library or
knowledge base) with my pratical attidute. Looking ad Owasp LAPSE
project, it would be a great idea to create a sort of common API
building a sort of "code review tool engine".

This engine would be generic and devoted ONLY to code review related
aspects. Using such engine as basis we could build a pletora of tools
providing code review capability for common os IDE (extending LAPSE
for eclipse, netbeans, ...) and for ad hoc command line tool.

4) What are the objectives and deliverables
My objectives are:

focusing people attention about how much code review and safe coding important are

providing people practical instruments to test their applications or to build their testing tool too

My deliverables are:

improving Code Review project documentation for my first objective

realize the engine core complete with a set of well known wrong code practice, providing a way to extend such engine and to provide a PoF testing tool using the aformentioned APIs